CVE-2016-3672

Bug #1568523 reported by Steve Beattie
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Trusty
Fix Released
Low
Unassigned
Vivid
Fix Released
Undecided
Unassigned
Wily
Fix Released
Low
Unassigned
Xenial
Fix Released
Low
Unassigned
Yakkety
Fix Released
Low
Unassigned
linux-armadaxp (Ubuntu)
Invalid
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-flo (Ubuntu)
New
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
New
Low
Unassigned
Xenial
New
Low
Unassigned
Yakkety
New
Low
Unassigned
linux-goldfish (Ubuntu)
New
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
New
Undecided
Unassigned
Wily
New
Low
Unassigned
Xenial
New
Low
Unassigned
Yakkety
New
Low
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-raring (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-saucy (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-trusty (Ubuntu)
Invalid
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-utopic (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Fix Released
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-vivid (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Fix Released
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-wily (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Fix Released
Low
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-lts-xenial (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Fix Released
Low
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-mako (Ubuntu)
New
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
New
Low
Unassigned
Xenial
New
Low
Unassigned
Yakkety
New
Low
Unassigned
linux-manta (Ubuntu)
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
New
Undecided
Unassigned
Wily
New
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned
linux-raspi2 (Ubuntu)
New
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Fix Released
Low
Unassigned
Xenial
Fix Released
Low
Unassigned
Yakkety
New
Low
Unassigned
linux-snapdragon (Ubuntu)
New
Low
Unassigned
Precise
Invalid
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Fix Released
Low
Unassigned
Yakkety
New
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Trusty
Invalid
Low
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Invalid
Low
Unassigned
Xenial
Invalid
Low
Unassigned
Yakkety
Invalid
Low
Unassigned

Bug Description

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.

Break-Fix: - 8b8addf891de8a00e4d39fc32f93f7c5eb8feceb

Revision history for this message
Steve Beattie (sbeattie) wrote :

CVE-2016-3672

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-lts-trusty (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Xenial):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-wily (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-wily (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-wily (Ubuntu Xenial):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Xenial):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Wily):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Xenial):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Xenial):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Wily):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Xenial):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-xenial (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-xenial (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-xenial (Ubuntu Xenial):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Xenial):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-vivid (Ubuntu Xenial):
status: New → Invalid
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
Changed in linux-lts-utopic (Ubuntu Xenial):
status: New → Invalid
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
description: updated
Changed in linux-lts-trusty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-trusty (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-trusty (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-trusty (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-lts-wily (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-wily (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-wily (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-wily (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Wily):
importance: Undecided → Low
Changed in linux (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-lts-xenial (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-xenial (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-xenial (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-xenial (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-saucy (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-saucy (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-manta (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-manta (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-manta (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
Steve Beattie (sbeattie)
Changed in linux-manta (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-lts-vivid (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-vivid (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-vivid (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-vivid (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-raspi2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-raspi2 (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-raspi2 (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-raspi2 (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-mako (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mako (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-mako (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-utopic (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-utopic (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-lts-utopic (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-lts-utopic (Ubuntu Trusty):
importance: Undecided → Low
Changed in linux-goldfish (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-goldfish (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-goldfish (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-flo (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-flo (Ubuntu Wily):
importance: Undecided → Low
Changed in linux-flo (Ubuntu Xenial):
importance: Undecided → Low
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Low
Steve Beattie (sbeattie)
Changed in linux-manta (Ubuntu Xenial):
status: New → Invalid
Steve Beattie (sbeattie)
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Wily):
status: New → Fix Committed
Changed in linux (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Fix Committed
Steve Beattie (sbeattie)
Changed in linux (Ubuntu Yakkety):
status: New → Fix Committed
Changed in linux-lts-xenial (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-raspi2 (Ubuntu Xenial):
status: New → Fix Committed
Steve Beattie (sbeattie)
Changed in linux-snapdragon (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-snapdragon (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Low
Changed in linux-snapdragon (Ubuntu Xenial):
status: New → Fix Committed
importance: Undecided → Low
Changed in linux-snapdragon (Ubuntu Yakkety):
importance: Undecided → Low
Changed in linux-snapdragon (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Low
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-xenial - 4.4.0-22.39~14.04.1

---------------
linux-lts-xenial (4.4.0-22.39~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1578775

  * LP: #1578705
    - bpf: fix double-fdput in replace_map_fd_with_map_ptr()

 -- Kamal Mostafa <email address hidden> Thu, 05 May 2016 09:30:58 -0700

Changed in linux-lts-xenial (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :
Download full text (24.1 KiB)

This bug was fixed in the package linux - 4.4.0-22.38

---------------
linux (4.4.0-22.38) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1573817

  * autoreconstruct: need to also generate extend-diff-ignore options for links
    (LP: #1574362)
    - [Packaging] autoreconstruct -- generate extend-diff-ignore for links

  * tipc: missing linearization of sk_buff (LP: #1567064)
    - tipc: move linearization of buffers to generic code

  * [Hyper-V] In-flight PCI Passthrough Patches (LP: #1570124)
    - SAUCE:(noup) drivers:hv: Lock access to hyperv_mmio resource tree
    - SAUCE:(noup) drivers:hv: Call vmbus_mmio_free() to reverse
      vmbus_mmio_allocate()
    - SAUCE:(noup) drivers:hv: Reverse order of resources in hyperv_mmio
    - SAUCE:(noup) drivers:hv: Track allocations of children of hv_vmbus in
      private resource tree
    - SAUCE:(noup) drivers:hv: Record MMIO range in use by frame buffer
    - SAUCE:(noup) drivers:hv: Separate out frame buffer logic when picking MMIO
      range

  * vbox: resync with 5.0.18-dfsg-2build1 (LP: #1571156)
    - ubuntu: vbox -- update to 5.0.18-dfsg-2build1

  * CONFIG_AUFS_XATTR is not set (LP: #1557776)
    - [Config] CONFIG_AUFS_XATTR=y

  * CVE-2016-3672 (LP: #1568523)
    - x86/mm/32: Enable full randomization on i386 and X86_32

  * CVE-2016-3955 (LP: #1572666)
    - USB: usbip: fix potential out-of-bounds write

  * Xenial update to v4.4.8 stable release (LP: #1573034)
    - hwmon: (max1111) Return -ENODEV from max1111_read_channel if not
      instantiated
    - PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
    - parisc: Avoid function pointers for kernel exception routines
    - parisc: Fix kernel crash with reversed copy_from_user()
    - parisc: Unbreak handling exceptions from kernel modules
    - ALSA: timer: Use mod_timer() for rearming the system timer
    - ALSA: hda - Asus N750JV external subwoofer fixup
    - ALSA: hda - Fix white noise on Asus N750JV headphone
    - ALSA: hda - Apply fix for white noise on Asus N550JV, too
    - mm: fix invalid node in alloc_migrate_target()
    - powerpc/mm: Fixup preempt underflow with huge pages
    - libnvdimm: fix smart data retrieval
    - libnvdimm, pfn: fix uuid validation
    - compiler-gcc: disable -ftracer for __noclone functions
    - arm64: opcodes.h: Add arm big-endian config options before including arm
      header
    - drm/dp: move hw_mutex up the call stack
    - drm/udl: Use unlocked gem unreferencing
    - drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
    - drm/radeon: add another R7 370 quirk
    - drm/radeon: add a dpm quirk for all R7 370 parts
    - drm/amdgpu/gmc: move vram type fetching into sw_init
    - drm/amdgpu/gmc: use proper register for vram type on Fiji
    - xen/events: Mask a moving irq
    - tcp: convert cached rtt from usec to jiffies when feeding initial rto
    - tunnel: Clear IPCB(skb)->opt before dst_link_failure called
    - net: jme: fix suspend/resume on JMC260
    - net: vrf: Remove direct access to skb->data
    - net: qca_spi: Don't clear IFF_BROADCAST
    ...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

This bug was fixed in the package linux-raspi2 - 4.4.0-1010.12

---------------
linux-raspi2 (4.4.0-1010.12) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1578741

  * Rebase against Ubuntu-4.4.0-22.39

 -- Kamal Mostafa <email address hidden> Thu, 05 May 2016 10:19:22 -0700

Changed in linux-raspi2 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

This bug was fixed in the package linux-snapdragon - 4.4.0-1013.14

---------------
linux-snapdragon (4.4.0-1013.14) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1578759

  * Rebase to Ubuntu-4.4.0-22.39

 -- Kamal Mostafa <email address hidden> Thu, 05 May 2016 11:17:11 -0700

Changed in linux-snapdragon (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-22.39

---------------
linux (4.4.0-22.39) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1578721

  * LP: #1578705
    - bpf: fix double-fdput in replace_map_fd_with_map_ptr()

 -- Kamal Mostafa <email address hidden> Thu, 05 May 2016 09:30:58 -0700

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Steve Beattie (sbeattie)
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Steve Beattie (sbeattie)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-wily (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-raspi2 (Ubuntu Wily):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-87.133

---------------
linux (3.13.0-87.133) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1585315

  [ Upstream Kernel Changes ]

  * Revert "usb: hub: do not clear BOS field during reset device"
    - LP: #1582864

linux (3.13.0-87.132) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1582398

  [ Kamal Mostafa ]

  * [Config] Drop ozwpan from the ABI

  [ Luis Henriques ]

  * [Config] CONFIG_USB_WPAN_HCD=n
    - LP: #1463740
    - CVE-2015-4004

  [ Prarit Bhargava ]

  * SAUCE: (no-up) ACPICA: Dispatcher: Update thread ID for recursive
    method calls
    - LP: #1577898

  [ Upstream Kernel Changes ]

  * usbnet: cleanup after bind() in probe()
    - LP: #1567191
    - CVE-2016-3951
  * KVM: x86: bit-ops emulation ignores offset on 64-bit
    - LP: #1423672
  * USB: usbip: fix potential out-of-bounds write
    - LP: #1572666
    - CVE-2016-3955
  * x86/mm/32: Enable full randomization on i386 and X86_32
    - LP: #1568523
    - CVE-2016-3672
  * Input: gtco - fix crash on detecting device without endpoints
    - LP: #1575706
    - CVE-2016-2187
  * atl2: Disable unimplemented scatter/gather feature
    - LP: #1561403
    - CVE-2016-2117
  * ALSA: usb-audio: Skip volume controls triggers hangup on Dell USB Dock
    - LP: #1577905
  * fs/pnode.c: treat zero mnt_group_id-s as unequal
    - LP: #1572316
  * propogate_mnt: Handle the first propogated copy being a slave
    - LP: #1572316
  * drm: Balance error path for GEM handle allocation
    - LP: #1579610
  * x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
    - LP: #1538429
    - CVE-2016-2069
  * x86/mm: Improve switch_mm() barrier comments
    - LP: #1538429
    - CVE-2016-2069
  * net: fix infoleak in llc
    - LP: #1578496
    - CVE-2016-4485
  * net: fix infoleak in rtnetlink
    - LP: #1578497
    - CVE-2016-4486

 -- Kamal Mostafa <email address hidden> Tue, 24 May 2016 11:04:30 -0700

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-104.145

---------------
linux (3.2.0-104.145) precise; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - SAUCE: proc: prevent stacking filesystems on top
    - ecryptfs: fix handling of directory opening
    - ecryptfs: don't reinvent the wheels, please - use struct completion
    - SAUCE: ecryptfs: forbid opening files without mmap handler

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 10:45:14 +0100

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-trusty - 3.13.0-88.135~precise1

---------------
linux-lts-trusty (3.13.0-88.135~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 09:05:50 +0100

Changed in linux-lts-trusty (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1482.109

---------------
linux-ti-omap4 (3.2.0-1482.109) precise; urgency=low

  [ Kamal Mostafa ]

  [ Ubuntu: 3.2.0-104.145 ]

  * CVE-2016-1583 (LP: #1588871)
    - SAUCE: proc: prevent stacking filesystems on top
    - ecryptfs: fix handling of directory opening
    - ecryptfs: don't reinvent the wheels, please - use struct completion
    - SAUCE: ecryptfs: forbid opening files without mmap handler

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 11:22:47 +0100

Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.2.0-1667.92

---------------
linux-armadaxp (3.2.0-1667.92) precise; urgency=low

  [ Andy Whitcroft ]

  * rebase to 3.2.0-104.145

  [ Ubuntu: 3.2.0-104.145 ]

  * CVE-2016-1583 (LP: #1588871)
    - SAUCE: proc: prevent stacking filesystems on top
    - ecryptfs: fix handling of directory opening
    - ecryptfs: don't reinvent the wheels, please - use struct completion
    - SAUCE: ecryptfs: forbid opening files without mmap handler

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 14:18:38 +0100

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-utopic - 3.16.0-73.95~14.04.1

---------------
linux-lts-utopic (3.16.0-73.95~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 08:46:24 +0100

Changed in linux-lts-utopic (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-vivid - 3.19.0-61.69~14.04.1

---------------
linux-lts-vivid (3.19.0-61.69~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler
    - SAUCE: sched: panic on corrupted stack end

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 09:55:44 +0100

Changed in linux-lts-vivid (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-wily - 4.2.0-38.45~14.04.1

---------------
linux-lts-wily (4.2.0-38.45~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler
    - SAUCE: sched: panic on corrupted stack end

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 10:11:57 +0100

Changed in linux-lts-wily (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.19.0-61.69

---------------
linux (3.19.0-61.69) vivid; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler
    - SAUCE: sched: panic on corrupted stack end

 -- Andy Whitcroft <email address hidden> Wed, 08 Jun 2016 22:25:58 +0100

Changed in linux (Ubuntu Vivid):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.2.0-38.45

---------------
linux (4.2.0-38.45) wily; urgency=low

  [ Kamal Mostafa ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler
    - SAUCE: sched: panic on corrupted stack end

 -- Andy Whitcroft <email address hidden> Wed, 08 Jun 2016 22:10:39 +0100

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-raspi2 - 4.2.0-1031.41

---------------
linux-raspi2 (4.2.0-1031.41) wily; urgency=low

  [ Kamal Mostafa ]

  [ Ubuntu: 4.2.0-38.45 ]

  * CVE-2016-1583 (LP: #1588871)
    - ecryptfs: fix handling of directory opening
    - SAUCE: proc: prevent stacking filesystems on top
    - SAUCE: ecryptfs: forbid opening files without mmap handler
    - SAUCE: sched: panic on corrupted stack end

 -- Andy Whitcroft <email address hidden> Thu, 09 Jun 2016 11:00:02 +0100

Changed in linux-raspi2 (Ubuntu Wily):
status: Fix Committed → Fix Released
Revision history for this message
Andy Whitcroft (apw) wrote : Closing unsupported series nomination.

This bug was nominated against a series that is no longer supported, ie vivid. The bug task representing the vivid nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-flo (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-mako (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.